summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/errors.js40
-rw-r--r--lib/history.js40
-rw-r--r--lib/response.js493
-rw-r--r--lib/utils.js9
-rw-r--r--lib/web/auth/dropbox/index.js3
-rw-r--r--lib/web/auth/email/index.js14
-rw-r--r--lib/web/auth/facebook/index.js3
-rw-r--r--lib/web/auth/github/index.js3
-rw-r--r--lib/web/auth/gitlab/index.js3
-rw-r--r--lib/web/auth/google/index.js3
-rw-r--r--lib/web/auth/ldap/index.js6
-rw-r--r--lib/web/auth/mattermost/index.js3
-rw-r--r--lib/web/auth/oauth2/index.js3
-rw-r--r--lib/web/auth/openid/index.js2
-rw-r--r--lib/web/auth/twitter/index.js3
-rw-r--r--lib/web/auth/utils.js6
-rw-r--r--lib/web/baseRouter.js8
-rw-r--r--lib/web/imageRouter/index.js4
-rw-r--r--lib/web/middleware/checkURIValid.js4
-rw-r--r--lib/web/middleware/tooBusy.js4
-rw-r--r--lib/web/note/actions.js122
-rw-r--r--lib/web/note/controller.js147
-rw-r--r--lib/web/note/router.js30
-rw-r--r--lib/web/note/slide.js45
-rw-r--r--lib/web/note/util.js109
-rw-r--r--lib/web/noteRouter.js30
-rw-r--r--lib/web/statusRouter.js18
-rw-r--r--lib/web/userRouter.js22
28 files changed, 571 insertions, 606 deletions
diff --git a/lib/errors.js b/lib/errors.js
new file mode 100644
index 00000000..f86e8aa3
--- /dev/null
+++ b/lib/errors.js
@@ -0,0 +1,40 @@
+const config = require('./config')
+
+module.exports = {
+ errorForbidden: function (res) {
+ const { req } = res
+ if (req.user) {
+ responseError(res, '403', 'Forbidden', 'oh no.')
+ } else {
+ if (!req.session) req.session = {}
+ req.session.returnTo = req.originalUrl || config.serverUrl + '/'
+ req.flash('error', 'You are not allowed to access this page. Maybe try logging in?')
+ res.redirect(config.serverURL + '/')
+ }
+ },
+ errorNotFound: function (res) {
+ responseError(res, '404', 'Not Found', 'oops.')
+ },
+ errorBadRequest: function (res) {
+ responseError(res, '400', 'Bad Request', 'something not right.')
+ },
+ errorTooLong: function (res) {
+ responseError(res, '413', 'Payload Too Large', 'Shorten your note!')
+ },
+ errorInternalError: function (res) {
+ responseError(res, '500', 'Internal Error', 'wtf.')
+ },
+ errorServiceUnavailable: function (res) {
+ res.status(503).send('I\'m busy right now, try again later.')
+ }
+}
+
+function responseError (res, code, detail, msg) {
+ res.status(code).render('error.ejs', {
+ title: code + ' ' + detail + ' ' + msg,
+ code: code,
+ detail: detail,
+ msg: msg,
+ opengraph: []
+ })
+}
diff --git a/lib/history.js b/lib/history.js
index 88a7ee05..3ebf77fd 100644
--- a/lib/history.js
+++ b/lib/history.js
@@ -5,8 +5,8 @@ var LZString = require('lz-string')
// core
var logger = require('./logger')
-var response = require('./response')
var models = require('./models')
+const errors = require('./errors')
// public
var History = {
@@ -121,14 +121,14 @@ function parseHistoryToObject (history) {
function historyGet (req, res) {
if (req.isAuthenticated()) {
getHistory(req.user.id, function (err, history) {
- if (err) return response.errorInternalError(res)
- if (!history) return response.errorNotFound(res)
+ if (err) return errors.errorInternalError(res)
+ if (!history) return errors.errorNotFound(res)
res.send({
history: parseHistoryToArray(history)
})
})
} else {
- return response.errorForbidden(res)
+ return errors.errorForbidden(res)
}
}
@@ -136,40 +136,40 @@ function historyPost (req, res) {
if (req.isAuthenticated()) {
var noteId = req.params.noteId
if (!noteId) {
- if (typeof req.body['history'] === 'undefined') return response.errorBadRequest(res)
+ if (typeof req.body['history'] === 'undefined') return errors.errorBadRequest(res)
logger.debug(`SERVER received history from [${req.user.id}]: ${req.body.history}`)
try {
var history = JSON.parse(req.body.history)
} catch (err) {
- return response.errorBadRequest(res)
+ return errors.errorBadRequest(res)
}
if (Array.isArray(history)) {
setHistory(req.user.id, history, function (err, count) {
- if (err) return response.errorInternalError(res)
+ if (err) return errors.errorInternalError(res)
res.end()
})
} else {
- return response.errorBadRequest(res)
+ return errors.errorBadRequest(res)
}
} else {
- if (typeof req.body['pinned'] === 'undefined') return response.errorBadRequest(res)
+ if (typeof req.body['pinned'] === 'undefined') return errors.errorBadRequest(res)
getHistory(req.user.id, function (err, history) {
- if (err) return response.errorInternalError(res)
- if (!history) return response.errorNotFound(res)
- if (!history[noteId]) return response.errorNotFound(res)
+ if (err) return errors.errorInternalError(res)
+ if (!history) return errors.errorNotFound(res)
+ if (!history[noteId]) return errors.errorNotFound(res)
if (req.body.pinned === 'true' || req.body.pinned === 'false') {
history[noteId].pinned = (req.body.pinned === 'true')
setHistory(req.user.id, history, function (err, count) {
- if (err) return response.errorInternalError(res)
+ if (err) return errors.errorInternalError(res)
res.end()
})
} else {
- return response.errorBadRequest(res)
+ return errors.errorBadRequest(res)
}
})
}
} else {
- return response.errorForbidden(res)
+ return errors.errorForbidden(res)
}
}
@@ -178,22 +178,22 @@ function historyDelete (req, res) {
var noteId = req.params.noteId
if (!noteId) {
setHistory(req.user.id, [], function (err, count) {
- if (err) return response.errorInternalError(res)
+ if (err) return errors.errorInternalError(res)
res.end()
})
} else {
getHistory(req.user.id, function (err, history) {
- if (err) return response.errorInternalError(res)
- if (!history) return response.errorNotFound(res)
+ if (err) return errors.errorInternalError(res)
+ if (!history) return errors.errorNotFound(res)
delete history[noteId]
setHistory(req.user.id, history, function (err, count) {
- if (err) return response.errorInternalError(res)
+ if (err) return errors.errorInternalError(res)
res.end()
})
})
}
} else {
- return response.errorForbidden(res)
+ return errors.errorForbidden(res)
}
}
diff --git a/lib/response.js b/lib/response.js
index 74d71d52..2e944e32 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -3,66 +3,21 @@
// external modules
var fs = require('fs')
var path = require('path')
-var markdownpdf = require('markdown-pdf')
-var shortId = require('shortid')
-var querystring = require('querystring')
var request = require('request')
-var moment = require('moment')
-
// core
var config = require('./config')
var logger = require('./logger')
var models = require('./models')
-var utils = require('./utils')
+const noteUtil = require('./web/note/util')
+const errors = require('./errors')
// public
var response = {
- errorForbidden: function (res) {
- const { req } = res
- if (req.user) {
- responseError(res, '403', 'Forbidden', 'oh no.')
- } else {
- req.flash('error', 'You are not allowed to access this page. Maybe try logging in?')
- res.redirect(config.serverURL + '/')
- }
- },
- errorNotFound: function (res) {
- responseError(res, '404', 'Not Found', 'oops.')
- },
- errorBadRequest: function (res) {
- responseError(res, '400', 'Bad Request', 'something not right.')
- },
- errorTooLong: function (res) {
- responseError(res, '413', 'Payload Too Large', 'Shorten your note!')
- },
- errorInternalError: function (res) {
- responseError(res, '500', 'Internal Error', 'wtf.')
- },
- errorServiceUnavailable: function (res) {
- res.status(503).send("I'm busy right now, try again later.")
- },
- showNote: showNote,
- showPublishNote: showPublishNote,
- showPublishSlide: showPublishSlide,
showIndex: showIndex,
- noteActions: noteActions,
- postNote: postNote,
- publishNoteActions: publishNoteActions,
- publishSlideActions: publishSlideActions,
githubActions: githubActions,
gitlabActions: gitlabActions
}
-function responseError (res, code, detail, msg) {
- res.status(code).render('error.ejs', {
- title: code + ' ' + detail + ' ' + msg,
- code: code,
- detail: detail,
- msg: msg,
- opengraph: []
- })
-}
-
function showIndex (req, res, next) {
var authStatus = req.isAuthenticated()
var deleteToken = ''
@@ -93,377 +48,9 @@ function showIndex (req, res, next) {
}
}
-function responseCodiMD (res, note) {
- var body = note.content
- var extracted = models.Note.extractMeta(body)
- var meta = models.Note.parseMeta(extracted.meta)
- var title = models.Note.decodeTitle(note.title)
- title = models.Note.generateWebTitle(meta.title || title)
- var opengraph = models.Note.parseOpengraph(meta, title)
- res.set({
- 'Cache-Control': 'private', // only cache by client
- 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
- })
- res.render('codimd.ejs', {
- title: title,
- opengraph: opengraph
- })
-}
-
-function postNote (req, res, next) {
- var body = ''
- if (req.body && req.body.length > config.documentMaxLength) {
- return response.errorTooLong(res)
- } else if (req.body) {
- body = req.body
- }
- body = body.replace(/[\r]/g, '')
- return newNote(req, res, body)
-}
-
-function newNote (req, res, body) {
- var owner = null
- var noteId = req.params.noteId ? req.params.noteId : null
- if (req.isAuthenticated()) {
- owner = req.user.id
- } else if (!config.allowAnonymous) {
- return response.errorForbidden(res)
- }
- if (config.allowFreeURL && noteId && !config.forbiddenNoteIDs.includes(noteId)) {
- req.alias = noteId
- } else if (noteId) {
- return req.method === 'POST' ? response.errorForbidden(res) : response.errorNotFound(res)
- }
- models.Note.create({
- ownerId: owner,
- alias: req.alias ? req.alias : null,
- content: body
- }).then(function (note) {
- return res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)))
- }).catch(function (err) {
- logger.error(err)
- return response.errorInternalError(res)
- })
-}
-
-function checkViewPermission (req, note) {
- if (note.permission === 'private') {
- if (!req.isAuthenticated() || note.ownerId !== req.user.id) { return false } else { return true }
- } else if (note.permission === 'limited' || note.permission === 'protected') {
- if (!req.isAuthenticated()) { return false } else { return true }
- } else {
- return true
- }
-}
-
-function findNote (req, res, callback, include) {
- var id = req.params.noteId || req.params.shortid
- models.Note.parseNoteId(id, function (err, _id) {
- if (err) {
- logger.error(err)
- return response.errorInternalError(res)
- }
- models.Note.findOne({
- where: {
- id: _id
- },
- include: include || null
- }).then(function (note) {
- if (!note) {
- return newNote(req, res, null)
- }
- if (!checkViewPermission(req, note)) {
- return response.errorForbidden(res)
- } else {
- return callback(note)
- }
- }).catch(function (err) {
- logger.error(err)
- return response.errorInternalError(res)
- })
- })
-}
-
-function showNote (req, res, next) {
- findNote(req, res, function (note) {
- // force to use note id
- var noteId = req.params.noteId
- var id = models.Note.encodeNoteId(note.id)
- if ((note.alias && noteId !== note.alias) || (!note.alias && noteId !== id)) { return res.redirect(config.serverURL + '/' + (note.alias || id)) }
- return responseCodiMD(res, note)
- })
-}
-
-function showPublishNote (req, res, next) {
- var include = [{
- model: models.User,
- as: 'owner'
- }, {
- model: models.User,
- as: 'lastchangeuser'
- }]
- findNote(req, res, function (note) {
- // force to use short id
- var shortid = req.params.shortid
- if ((note.alias && shortid !== note.alias) || (!note.alias && shortid !== note.shortid)) {
- return res.redirect(config.serverURL + '/s/' + (note.alias || note.shortid))
- }
- note.increment('viewcount').then(function (note) {
- if (!note) {
- return response.errorNotFound(res)
- }
- var body = note.content
- var extracted = models.Note.extractMeta(body)
- var markdown = extracted.markdown
- var meta = models.Note.parseMeta(extracted.meta)
- var createtime = note.createdAt
- var updatetime = note.lastchangeAt
- var title = models.Note.decodeTitle(note.title)
- title = models.Note.generateWebTitle(meta.title || title)
- var ogdata = models.Note.parseOpengraph(meta, title)
- var data = {
- title: title,
- description: meta.description || (markdown ? models.Note.generateDescription(markdown) : null),
- viewcount: note.viewcount,
- createtime: createtime,
- updatetime: updatetime,
- body: body,
- owner: note.owner ? note.owner.id : null,
- ownerprofile: note.owner ? models.User.getProfile(note.owner) : null,
- lastchangeuser: note.lastchangeuser ? note.lastchangeuser.id : null,
- lastchangeuserprofile: note.lastchangeuser ? models.User.getProfile(note.lastchangeuser) : null,
- robots: meta.robots || false, // default allow robots
- GA: meta.GA,
- disqus: meta.disqus,
- cspNonce: res.locals.nonce,
- dnt: req.headers.dnt,
- opengraph: ogdata
- }
- return renderPublish(data, res)
- }).catch(function (err) {
- logger.error(err)
- return response.errorInternalError(res)
- })
- }, include)
-}
-
-function renderPublish (data, res) {
- res.set({
- 'Cache-Control': 'private' // only cache by client
- })
- res.render('pretty.ejs', data)
-}
-
-function actionPublish (req, res, note) {
- res.redirect(config.serverURL + '/s/' + (note.alias || note.shortid))
-}
-
-function actionSlide (req, res, note) {
- res.redirect(config.serverURL + '/p/' + (note.alias || note.shortid))
-}
-
-function actionDownload (req, res, note) {
- var body = note.content
- var title = models.Note.decodeTitle(note.title)
- var filename = title
- filename = encodeURIComponent(filename)
- res.set({
- 'Access-Control-Allow-Origin': '*', // allow CORS as API
- 'Access-Control-Allow-Headers': 'Range',
- 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range',
- 'Content-Type': 'text/markdown; charset=UTF-8',
- 'Cache-Control': 'private',
- 'Content-disposition': 'attachment; filename=' + filename + '.md',
- 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
- })
- res.send(body)
-}
-
-function actionInfo (req, res, note) {
- var body = note.content
- var extracted = models.Note.extractMeta(body)
- var markdown = extracted.markdown
- var meta = models.Note.parseMeta(extracted.meta)
- var createtime = note.createdAt
- var updatetime = note.lastchangeAt
- var title = models.Note.decodeTitle(note.title)
- var data = {
- title: meta.title || title,
- description: meta.description || (markdown ? models.Note.generateDescription(markdown) : null),
- viewcount: note.viewcount,
- createtime: createtime,
- updatetime: updatetime
- }
- res.set({
- 'Access-Control-Allow-Origin': '*', // allow CORS as API
- 'Access-Control-Allow-Headers': 'Range',
- 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range',
- 'Cache-Control': 'private', // only cache by client
- 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
- })
- res.send(data)
-}
-
-function actionPDF (req, res, note) {
- var url = config.serverURL || 'http://' + req.get('host')
- var body = note.content
- var extracted = models.Note.extractMeta(body)
- var content = extracted.markdown
- var title = models.Note.decodeTitle(note.title)
-
- if (!fs.existsSync(config.tmpPath)) {
- fs.mkdirSync(config.tmpPath)
- }
- var path = config.tmpPath + '/' + Date.now() + '.pdf'
- content = content.replace(/\]\(\//g, '](' + url + '/')
- markdownpdf().from.string(content).to(path, function () {
- if (!fs.existsSync(path)) {
- logger.error('PDF seems to not be generated as expected. File doesn\'t exist: ' + path)
- return response.errorInternalError(res)
- }
- var stream = fs.createReadStream(path)
- var filename = title
- // Be careful of special characters
- filename = encodeURIComponent(filename)
- // Ideally this should strip them
- res.setHeader('Content-disposition', 'attachment; filename="' + filename + '.pdf"')
- res.setHeader('Cache-Control', 'private')
- res.setHeader('Content-Type', 'application/pdf; charset=UTF-8')
- res.setHeader('X-Robots-Tag', 'noindex, nofollow') // prevent crawling
- stream.pipe(res)
- fs.unlinkSync(path)
- })
-}
-
-function actionGist (req, res, note) {
- var data = {
- client_id: config.github.clientID,
- redirect_uri: config.serverURL + '/auth/github/callback/' + models.Note.encodeNoteId(note.id) + '/gist',
- scope: 'gist',
- state: shortId.generate()
- }
- var query = querystring.stringify(data)
- res.redirect('https://github.com/login/oauth/authorize?' + query)
-}
-
-function actionRevision (req, res, note) {
- var actionId = req.params.actionId
- if (actionId) {
- var time = moment(parseInt(actionId))
- if (time.isValid()) {
- models.Revision.getPatchedNoteRevisionByTime(note, time, function (err, content) {
- if (err) {
- logger.error(err)
- return response.errorInternalError(res)
- }
- if (!content) {
- return response.errorNotFound(res)
- }
- res.set({
- 'Access-Control-Allow-Origin': '*', // allow CORS as API
- 'Access-Control-Allow-Headers': 'Range',
- 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range',
- 'Cache-Control': 'private', // only cache by client
- 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
- })
- res.send(content)
- })
- } else {
- return response.errorNotFound(res)
- }
- } else {
- models.Revision.getNoteRevisions(note, function (err, data) {
- if (err) {
- logger.error(err)
- return response.errorInternalError(res)
- }
- var out = {
- revision: data
- }
- res.set({
- 'Access-Control-Allow-Origin': '*', // allow CORS as API
- 'Access-Control-Allow-Headers': 'Range',
- 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range',
- 'Cache-Control': 'private', // only cache by client
- 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
- })
- res.send(out)
- })
- }
-}
-
-function noteActions (req, res, next) {
- var noteId = req.params.noteId
- findNote(req, res, function (note) {
- var action = req.params.action
- switch (action) {
- case 'publish':
- case 'pretty': // pretty deprecated
- actionPublish(req, res, note)
- break
- case 'slide':
- actionSlide(req, res, note)
- break
- case 'download':
- actionDownload(req, res, note)
- break
- case 'info':
- actionInfo(req, res, note)
- break
- case 'pdf':
- if (config.allowPDFExport) {
- actionPDF(req, res, note)
- } else {
- logger.error('PDF export failed: Disabled by config. Set "allowPDFExport: true" to enable. Check the documentation for details')
- response.errorForbidden(res)
- }
- break
- case 'gist':
- actionGist(req, res, note)
- break
- case 'revision':
- actionRevision(req, res, note)
- break
- default:
- return res.redirect(config.serverURL + '/' + noteId)
- }
- })
-}
-
-function publishNoteActions (req, res, next) {
- findNote(req, res, function (note) {
- var action = req.params.action
- switch (action) {
- case 'download':
- actionDownload(req, res, note)
- break
- case 'edit':
- res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)) + '?both')
- break
- default:
- res.redirect(config.serverURL + '/s/' + note.shortid)
- break
- }
- })
-}
-
-function publishSlideActions (req, res, next) {
- findNote(req, res, function (note) {
- var action = req.params.action
- switch (action) {
- case 'edit':
- res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)) + '?both')
- break
- default:
- res.redirect(config.serverURL + '/p/' + note.shortid)
- break
- }
- })
-}
-
function githubActions (req, res, next) {
var noteId = req.params.noteId
- findNote(req, res, function (note) {
+ noteUtil.findNote(req, res, function (note) {
var action = req.params.action
switch (action) {
case 'gist':
@@ -480,7 +67,7 @@ function githubActionGist (req, res, note) {
var code = req.query.code
var state = req.query.state
if (!code || !state) {
- return response.errorForbidden(res)
+ return errors.errorForbidden(res)
} else {
var data = {
client_id: config.github.clientID,
@@ -520,14 +107,14 @@ function githubActionGist (req, res, note) {
res.setHeader('referer', '')
res.redirect(body.html_url)
} else {
- return response.errorForbidden(res)
+ return errors.errorForbidden(res)
}
})
} else {
- return response.errorForbidden(res)
+ return errors.errorForbidden(res)
}
} else {
- return response.errorForbidden(res)
+ return errors.errorForbidden(res)
}
})
}
@@ -535,7 +122,7 @@ function githubActionGist (req, res, note) {
function gitlabActions (req, res, next) {
var noteId = req.params.noteId
- findNote(req, res, function (note) {
+ noteUtil.findNote(req, res, function (note) {
var action = req.params.action
switch (action) {
case 'projects':
@@ -555,7 +142,7 @@ function gitlabActionProjects (req, res, note) {
id: req.user.id
}
}).then(function (user) {
- if (!user) { return response.errorNotFound(res) }
+ if (!user) { return errors.errorNotFound(res) }
var ret = { baseURL: config.gitlab.baseURL, version: config.gitlab.version }
ret.accesstoken = user.accessToken
ret.profileid = user.profileid
@@ -572,69 +159,11 @@ function gitlabActionProjects (req, res, note) {
)
}).catch(function (err) {
logger.error('gitlab action projects failed: ' + err)
- return response.errorInternalError(res)
+ return errors.errorInternalError(res)
})
} else {
- return response.errorForbidden(res)
+ return errors.errorForbidden(res)
}
}
-function showPublishSlide (req, res, next) {
- var include = [{
- model: models.User,
- as: 'owner'
- }, {
- model: models.User,
- as: 'lastchangeuser'
- }]
- findNote(req, res, function (note) {
- // force to use short id
- var shortid = req.params.shortid
- if ((note.alias && shortid !== note.alias) || (!note.alias && shortid !== note.shortid)) { return res.redirect(config.serverURL + '/p/' + (note.alias || note.shortid)) }
- note.increment('viewcount').then(function (note) {
- if (!note) {
- return response.errorNotFound(res)
- }
- var body = note.content
- var extracted = models.Note.extractMeta(body)
- var markdown = extracted.markdown
- var meta = models.Note.parseMeta(extracted.meta)
- var createtime = note.createdAt
- var updatetime = note.lastchangeAt
- var title = models.Note.decodeTitle(note.title)
- title = models.Note.generateWebTitle(meta.title || title)
- var data = {
- title: title,
- description: meta.description || (markdown ? models.Note.generateDescription(markdown) : null),
- viewcount: note.viewcount,
- createtime: createtime,
- updatetime: updatetime,
- body: markdown,
- theme: meta.slideOptions && utils.isRevealTheme(meta.slideOptions.theme),
- meta: JSON.stringify(extracted.meta),
- owner: note.owner ? note.owner.id : null,
- ownerprofile: note.owner ? models.User.getProfile(note.owner) : null,
- lastchangeuser: note.lastchangeuser ? note.lastchangeuser.id : null,
- lastchangeuserprofile: note.lastchangeuser ? models.User.getProfile(note.lastchangeuser) : null,
- robots: meta.robots || false, // default allow robots
- GA: meta.GA,
- disqus: meta.disqus,
- cspNonce: res.locals.nonce,
- dnt: req.headers.dnt
- }
- return renderPublishSlide(data, res)
- }).catch(function (err) {
- logger.error(err)
- return response.errorInternalError(res)
- })
- }, include)
-}
-
-function renderPublishSlide (data, res) {
- res.set({
- 'Cache-Control': 'private' // only cache by client
- })
- res.render('slide.ejs', data)
-}
-
module.exports = response
diff --git a/lib/utils.js b/lib/utils.js
index 1725f6e8..270cbd6a 100644
--- a/lib/utils.js
+++ b/lib/utils.js
@@ -1,6 +1,4 @@
'use strict'
-const fs = require('fs')
-const path = require('path')
exports.isSQLite = function isSQLite (sequelize) {
return sequelize.options.dialect === 'sqlite'
@@ -27,10 +25,3 @@ exports.getImageMimeType = function getImageMimeType (imagePath) {
return undefined
}
}
-
-exports.isRevealTheme = function isRevealTheme (theme) {
- if (fs.existsSync(path.join(__dirname, '..', 'public', 'build', 'reveal.js', 'css', 'theme', theme + '.css'))) {
- return theme
- }
- return undefined
-}
diff --git a/lib/web/auth/dropbox/index.js b/lib/web/auth/dropbox/index.js
index 1cfabd29..aef011cb 100644
--- a/lib/web/auth/dropbox/index.js
+++ b/lib/web/auth/dropbox/index.js
@@ -4,7 +4,7 @@ const Router = require('express').Router
const passport = require('passport')
const DropboxStrategy = require('passport-dropbox-oauth2').Strategy
const config = require('../../../config')
-const { setReturnToFromReferer, passportGeneralCallback } = require('../utils')
+const { passportGeneralCallback } = require('../utils')
let dropboxAuth = module.exports = Router()
@@ -16,7 +16,6 @@ passport.use(new DropboxStrategy({
}, passportGeneralCallback))
dropboxAuth.get('/auth/dropbox', function (req, res, next) {
- setReturnToFromReferer(req)
passport.authenticate('dropbox-oauth2')(req, res, next)
})
diff --git a/lib/web/auth/email/index.js b/lib/web/auth/email/index.js
index 32e21428..78ca933b 100644
--- a/lib/web/auth/email/index.js
+++ b/lib/web/auth/email/index.js
@@ -7,9 +7,8 @@ const LocalStrategy = require('passport-local').Strategy
const config = require('../../../config')
const models = require('../../../models')
const logger = require('../../../logger')
-const { setReturnToFromReferer } = require('../utils')
const { urlencodedParser } = require('../../utils')
-const response = require('../../../response')
+const errors = require('../../../errors')
let emailAuth = module.exports = Router()
@@ -39,8 +38,8 @@ passport.use(new LocalStrategy({
if (config.allowEmailRegister) {
emailAuth.post('/register', urlencodedParser, function (req, res, next) {
- if (!req.body.email || !req.body.password) return response.errorBadRequest(res)
- if (!validator.isEmail(req.body.email)) return response.errorBadRequest(res)
+ if (!req.body.email || !req.body.password) return errors.errorBadRequest(res)
+ if (!validator.isEmail(req.body.email)) return errors.errorBadRequest(res)
models.User.findOrCreate({
where: {
email: req.body.email
@@ -63,15 +62,14 @@ if (config.allowEmailRegister) {
return res.redirect(config.serverURL + '/')
}).catch(function (err) {
logger.error('auth callback failed: ' + err)
- return response.errorInternalError(res)
+ return errors.errorInternalError(res)
})
})
}
emailAuth.post('/login', urlencodedParser, function (req, res, next) {
- if (!req.body.email || !req.body.password) return response.errorBadRequest(res)
- if (!validator.isEmail(req.body.email)) return response.errorBadRequest(res)
- setReturnToFromReferer(req)
+ if (!req.body.email || !req.body.password) return errors.errorBadRequest(res)
+ if (!validator.isEmail(req.body.email)) return errors.errorBadRequest(res)
passport.authenticate('local', {
successReturnToOrRedirect: config.serverURL + '/',
failureRedirect: config.serverURL + '/',
diff --git a/lib/web/auth/facebook/index.js b/lib/web/auth/facebook/index.js
index 418ddeee..0ba948bb 100644
--- a/lib/web/auth/facebook/index.js
+++ b/lib/web/auth/facebook/index.js
@@ -5,7 +5,7 @@ const passport = require('passport')
const FacebookStrategy = require('passport-facebook').Strategy
const config = require('../../../config')
-const { setReturnToFromReferer, passportGeneralCallback } = require('../utils')
+const { passportGeneralCallback } = require('../utils')
let facebookAuth = module.exports = Router()
@@ -16,7 +16,6 @@ passport.use(new FacebookStrategy({
}, passportGeneralCallback))
facebookAuth.get('/auth/facebook', function (req, res, next) {
- setReturnToFromReferer(req)
passport.authenticate('facebook')(req, res, next)
})
diff --git a/lib/web/auth/github/index.js b/lib/web/auth/github/index.js
index afa5fa31..3a3a84c6 100644
--- a/lib/web/auth/github/index.js
+++ b/lib/web/auth/github/index.js
@@ -5,7 +5,7 @@ const passport = require('passport')
const GithubStrategy = require('passport-github').Strategy
const config = require('../../../config')
const response = require('../../../response')
-const { setReturnToFromReferer, passportGeneralCallback } = require('../utils')
+const { passportGeneralCallback } = require('../utils')
let githubAuth = module.exports = Router()
@@ -16,7 +16,6 @@ passport.use(new GithubStrategy({
}, passportGeneralCallback))
githubAuth.get('/auth/github', function (req, res, next) {
- setReturnToFromReferer(req)
passport.authenticate('github')(req, res, next)
})
diff --git a/lib/web/auth/gitlab/index.js b/lib/web/auth/gitlab/index.js
index 4cebbc10..1b628e81 100644
--- a/lib/web/auth/gitlab/index.js
+++ b/lib/web/auth/gitlab/index.js
@@ -5,7 +5,7 @@ const passport = require('passport')
const GitlabStrategy = require('passport-gitlab2').Strategy
const config = require('../../../config')
const response = require('../../../response')
-const { setReturnToFromReferer, passportGeneralCallback } = require('../utils')
+const { passportGeneralCallback } = require('../utils')
let gitlabAuth = module.exports = Router()
@@ -18,7 +18,6 @@ passport.use(new GitlabStrategy({
}, passportGeneralCallback))
gitlabAuth.get('/auth/gitlab', function (req, res, next) {
- setReturnToFromReferer(req)
passport.authenticate('gitlab')(req, res, next)
})
diff --git a/lib/web/auth/google/index.js b/lib/web/auth/google/index.js
index ad9bcd7a..feb83025 100644
--- a/lib/web/auth/google/index.js
+++ b/lib/web/auth/google/index.js
@@ -4,7 +4,7 @@ const Router = require('express').Router
const passport = require('passport')
var GoogleStrategy = require('passport-google-oauth20').Strategy
const config = require('../../../config')
-const { setReturnToFromReferer, passportGeneralCallback } = require('../utils')
+const { passportGeneralCallback } = require('../utils')
let googleAuth = module.exports = Router()
@@ -16,7 +16,6 @@ passport.use(new GoogleStrategy({
}, passportGeneralCallback))
googleAuth.get('/auth/google', function (req, res, next) {
- setReturnToFromReferer(req)
passport.authenticate('google', { scope: ['profile'] })(req, res, next)
})
// google auth callback
diff --git a/lib/web/auth/ldap/index.js b/lib/web/auth/ldap/index.js
index 96143664..b501106d 100644
--- a/lib/web/auth/ldap/index.js
+++ b/lib/web/auth/ldap/index.js
@@ -6,9 +6,8 @@ const LDAPStrategy = require('passport-ldapauth')
const config = require('../../../config')
const models = require('../../../models')
const logger = require('../../../logger')
-const { setReturnToFromReferer } = require('../utils')
const { urlencodedParser } = require('../../utils')
-const response = require('../../../response')
+const errors = require('../../../errors')
let ldapAuth = module.exports = Router()
@@ -81,8 +80,7 @@ passport.use(new LDAPStrategy({
}))
ldapAuth.post('/auth/ldap', urlencodedParser, function (req, res, next) {
- if (!req.body.username || !req.body.password) return response.errorBadRequest(res)
- setReturnToFromReferer(req)
+ if (!req.body.username || !req.body.password) return errors.errorBadRequest(res)
passport.authenticate('ldapauth', {
successReturnToOrRedirect: config.serverURL + '/',
failureRedirect: config.serverURL + '/',
diff --git a/lib/web/auth/mattermost/index.js b/lib/web/auth/mattermost/index.js
index 48d6d297..78eca2af 100644
--- a/lib/web/auth/mattermost/index.js
+++ b/lib/web/auth/mattermost/index.js
@@ -5,7 +5,7 @@ const passport = require('passport')
const Mattermost = require('mattermost')
const OAuthStrategy = require('passport-oauth2').Strategy
const config = require('../../../config')
-const { setReturnToFromReferer, passportGeneralCallback } = require('../utils')
+const { passportGeneralCallback } = require('../utils')
const mattermost = new Mattermost.Client()
@@ -36,7 +36,6 @@ mattermostStrategy.userProfile = (accessToken, done) => {
passport.use(mattermostStrategy)
mattermostAuth.get('/auth/mattermost', function (req, res, next) {
- setReturnToFromReferer(req)
passport.authenticate('oauth2')(req, res, next)
})
diff --git a/lib/web/auth/oauth2/index.js b/lib/web/auth/oauth2/index.js
index 78434271..2bd73196 100644
--- a/lib/web/auth/oauth2/index.js
+++ b/lib/web/auth/oauth2/index.js
@@ -4,7 +4,7 @@ const Router = require('express').Router
const passport = require('passport')
const { Strategy, InternalOAuthError } = require('passport-oauth2')
const config = require('../../../config')
-const { setReturnToFromReferer, passportGeneralCallback } = require('../utils')
+const { passportGeneralCallback } = require('../utils')
let oauth2Auth = module.exports = Router()
@@ -93,7 +93,6 @@ passport.use(new OAuth2CustomStrategy({
}, passportGeneralCallback))
oauth2Auth.get('/auth/oauth2', function (req, res, next) {
- setReturnToFromReferer(req)
passport.authenticate('oauth2')(req, res, next)
})
diff --git a/lib/web/auth/openid/index.js b/lib/web/auth/openid/index.js
index b0a28bec..28e164f5 100644
--- a/lib/web/auth/openid/index.js
+++ b/lib/web/auth/openid/index.js
@@ -7,7 +7,6 @@ const config = require('../../../config')
const models = require('../../../models')
const logger = require('../../../logger')
const { urlencodedParser } = require('../../utils')
-const { setReturnToFromReferer } = require('../utils')
let openIDAuth = module.exports = Router()
@@ -48,7 +47,6 @@ passport.use(new OpenIDStrategy({
}))
openIDAuth.post('/auth/openid', urlencodedParser, function (req, res, next) {
- setReturnToFromReferer(req)
passport.authenticate('openid')(req, res, next)
})
diff --git a/lib/web/auth/twitter/index.js b/lib/web/auth/twitter/index.js
index 5aba20ff..56389f84 100644
--- a/lib/web/auth/twitter/index.js
+++ b/lib/web/auth/twitter/index.js
@@ -5,7 +5,7 @@ const passport = require('passport')
const TwitterStrategy = require('passport-twitter').Strategy
const config = require('../../../config')
-const { setReturnToFromReferer, passportGeneralCallback } = require('../utils')
+const { passportGeneralCallback } = require('../utils')
let twitterAuth = module.exports = Router()
@@ -16,7 +16,6 @@ passport.use(new TwitterStrategy({
}, passportGeneralCallback))
twitterAuth.get('/auth/twitter', function (req, res, next) {
- setReturnToFromReferer(req)
passport.authenticate('twitter')(req, res, next)
})
diff --git a/lib/web/auth/utils.js b/lib/web/auth/utils.js
index 141a0d6f..fb69f08c 100644
--- a/lib/web/auth/utils.js
+++ b/lib/web/auth/utils.js
@@ -3,12 +3,6 @@
const models = require('../../models')
const logger = require('../../logger')
-exports.setReturnToFromReferer = function setReturnToFromReferer (req) {
- var referer = req.get('referer')
- if (!req.session) req.session = {}
- req.session.returnTo = referer
-}
-
exports.passportGeneralCallback = function callback (accessToken, refreshToken, profile, done) {
var stringifiedProfile = JSON.stringify(profile)
models.User.findOrCreate({
diff --git a/lib/web/baseRouter.js b/lib/web/baseRouter.js
index b918ce75..df5e2777 100644
--- a/lib/web/baseRouter.js
+++ b/lib/web/baseRouter.js
@@ -6,17 +6,19 @@ const response = require('../response')
const baseRouter = module.exports = Router()
+const errors = require('../errors')
+
// get index
baseRouter.get('/', response.showIndex)
// get 403 forbidden
baseRouter.get('/403', function (req, res) {
- response.errorForbidden(res)
+ errors.errorForbidden(res)
})
// get 404 not found
baseRouter.get('/404', function (req, res) {
- response.errorNotFound(res)
+ errors.errorNotFound(res)
})
// get 500 internal error
baseRouter.get('/500', function (req, res) {
- response.errorInternalError(res)
+ errors.errorInternalError(res)
})
diff --git a/lib/web/imageRouter/index.js b/lib/web/imageRouter/index.js
index 0b59218b..aa02e9b0 100644
--- a/lib/web/imageRouter/index.js
+++ b/lib/web/imageRouter/index.js
@@ -5,7 +5,7 @@ const formidable = require('formidable')
const config = require('../../config')
const logger = require('../../logger')
-const response = require('../../response')
+const errors = require('../../errors')
const imageRouter = module.exports = Router()
@@ -22,7 +22,7 @@ imageRouter.post('/uploadimage', function (req, res) {
form.parse(req, function (err, fields, files) {
if (err || !files.image || !files.image.path) {
logger.error(`formidable error: ${err}`)
- response.errorForbidden(res)
+ errors.errorForbidden(res)
} else {
logger.debug(`SERVER received uploadimage: ${JSON.stringify(files.image)}`)
diff --git a/lib/web/middleware/checkURIValid.js b/lib/web/middleware/checkURIValid.js
index 88065e79..cd6dabd2 100644
--- a/lib/web/middleware/checkURIValid.js
+++ b/lib/web/middleware/checkURIValid.js
@@ -1,14 +1,14 @@
'use strict'
const logger = require('../../logger')
-const response = require('../../response')
+const errors = require('../../errors')
module.exports = function (req, res, next) {
try {
decodeURIComponent(req.path)
} catch (err) {
logger.error(err)
- return response.errorBadRequest(res)
+ return errors.errorBadRequest(res)
}
next()
}
diff --git a/lib/web/middleware/tooBusy.js b/lib/web/middleware/tooBusy.js
index 49efbe37..a2101975 100644
--- a/lib/web/middleware/tooBusy.js
+++ b/lib/web/middleware/tooBusy.js
@@ -2,14 +2,14 @@
const toobusy = require('toobusy-js')
-const response = require('../../response')
+const errors = require('../../errors')
const config = require('../../config')
toobusy.maxLag(config.tooBusyLag)
module.exports = function (req, res, next) {
if (toobusy()) {
- response.errorServiceUnavailable(res)
+ errors.errorServiceUnavailable(res)
} else {
next()
}
diff --git a/lib/web/note/actions.js b/lib/web/note/actions.js
new file mode 100644
index 00000000..9ff7fedb
--- /dev/null
+++ b/lib/web/note/actions.js
@@ -0,0 +1,122 @@
+const models = require('../../models')
+const logger = require('../../logger')
+const config = require('../../config')
+const errors = require('../../errors')
+const fs = require('fs')
+const shortId = require('shortid')
+const markdownpdf = require('markdown-pdf')
+const moment = require('moment')
+const querystring = require('querystring')
+
+exports.getInfo = function getInfo (req, res, note) {
+ const body = note.content
+ const extracted = models.Note.extractMeta(body)
+ const markdown = extracted.markdown
+ const meta = models.Note.parseMeta(extracted.meta)
+ const createtime = note.createdAt
+ const updatetime = note.lastchangeAt
+ const title = models.Note.decodeTitle(note.title)
+ const data = {
+ title: meta.title || title,
+ description: meta.description || (markdown ? models.Note.generateDescription(markdown) : null),
+ viewcount: note.viewcount,
+ createtime: createtime,
+ updatetime: updatetime
+ }
+ res.set({
+ 'Access-Control-Allow-Origin': '*', // allow CORS as API
+ 'Access-Control-Allow-Headers': 'Range',
+ 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range',
+ 'Cache-Control': 'private', // only cache by client
+ 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
+ })
+ res.send(data)
+}
+
+exports.createPDF = function createPDF (req, res, note) {
+ const url = config.serverURL || 'http://' + req.get('host')
+ const body = note.content
+ const extracted = models.Note.extractMeta(body)
+ let content = extracted.markdown
+ const title = models.Note.decodeTitle(note.title)
+
+ if (!fs.existsSync(config.tmpPath)) {
+ fs.mkdirSync(config.tmpPath)
+ }
+ const path = config.tmpPath + '/' + Date.now() + '.pdf'
+ content = content.replace(/\]\(\//g, '](' + url + '/')
+ markdownpdf().from.string(content).to(path, function () {
+ if (!fs.existsSync(path)) {
+ logger.error('PDF seems to not be generated as expected. File doesn\'t exist: ' + path)
+ return errors.errorInternalError(res)
+ }
+ const stream = fs.createReadStream(path)
+ let filename = title
+ // Be careful of special characters
+ filename = encodeURIComponent(filename)
+ // Ideally this should strip them
+ res.setHeader('Content-disposition', 'attachment; filename="' + filename + '.pdf"')
+ res.setHeader('Cache-Control', 'private')
+ res.setHeader('Content-Type', 'application/pdf; charset=UTF-8')
+ res.setHeader('X-Robots-Tag', 'noindex, nofollow') // prevent crawling
+ stream.pipe(res)
+ fs.unlinkSync(path)
+ })
+}
+
+exports.createGist = function createGist (req, res, note) {
+ const data = {
+ client_id: config.github.clientID,
+ redirect_uri: config.serverURL + '/auth/github/callback/' + models.Note.encodeNoteId(note.id) + '/gist',
+ scope: 'gist',
+ state: shortId.generate()
+ }
+ const query = querystring.stringify(data)
+ res.redirect('https://github.com/login/oauth/authorize?' + query)
+}
+
+exports.getRevision = function getRevision (req, res, note) {
+ const actionId = req.params.actionId
+ if (actionId) {
+ const time = moment(parseInt(actionId))
+ if (time.isValid()) {
+ models.Revision.getPatchedNoteRevisionByTime(note, time, function (err, content) {
+ if (err) {
+ logger.error(err)
+ return errors.errorInternalError(res)
+ }
+ if (!content) {
+ return errors.errorNotFound(res)
+ }
+ res.set({
+ 'Access-Control-Allow-Origin': '*', // allow CORS as API
+ 'Access-Control-Allow-Headers': 'Range',
+ 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range',
+ 'Cache-Control': 'private', // only cache by client
+ 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
+ })
+ res.send(content)
+ })
+ } else {
+ return errors.errorNotFound(res)
+ }
+ } else {
+ models.Revision.getNoteRevisions(note, function (err, data) {
+ if (err) {
+ logger.error(err)
+ return errors.errorInternalError(res)
+ }
+ const out = {
+ revision: data
+ }
+ res.set({
+ 'Access-Control-Allow-Origin': '*', // allow CORS as API
+ 'Access-Control-Allow-Headers': 'Range',
+ 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range',
+ 'Cache-Control': 'private', // only cache by client
+ 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
+ })
+ res.send(out)
+ })
+ }
+}
diff --git a/lib/web/note/controller.js b/lib/web/note/controller.js
new file mode 100644
index 00000000..e537fe08
--- /dev/null
+++ b/lib/web/note/controller.js
@@ -0,0 +1,147 @@
+'use strict'
+
+const models = require('../../models')
+const logger = require('../../logger')
+const config = require('../../config')
+const errors = require('../../errors')
+
+const noteUtil = require('./util')
+const noteActions = require('./actions')
+
+exports.publishNoteActions = function (req, res, next) {
+ noteUtil.findNote(req, res, function (note) {
+ const action = req.params.action
+ switch (action) {
+ case 'download':
+ exports.downloadMarkdown(req, res, note)
+ break
+ case 'edit':
+ res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)) + '?both')
+ break
+ default:
+ res.redirect(config.serverURL + '/s/' + note.shortid)
+ break
+ }
+ })
+}
+
+exports.showPublishNote = function (req, res, next) {
+ const include = [{
+ model: models.User,
+ as: 'owner'
+ }, {
+ model: models.User,
+ as: 'lastchangeuser'
+ }]
+ noteUtil.findNote(req, res, function (note) {
+ // force to use short id
+ const shortid = req.params.shortid
+ if ((note.alias && shortid !== note.alias) || (!note.alias && shortid !== note.shortid)) {
+ return res.redirect(config.serverURL + '/s/' + (note.alias || note.shortid))
+ }
+ note.increment('viewcount').then(function (note) {
+ if (!note) {
+ return errors.errorNotFound(res)
+ }
+ noteUtil.getPublishData(req, res, note, (data) => {
+ res.set({
+ 'Cache-Control': 'private' // only cache by client
+ })
+ return res.render('pretty.ejs', data)
+ })
+ }).catch(function (err) {
+ logger.error(err)
+ return errors.errorInternalError(res)
+ })
+ }, include)
+}
+
+exports.showNote = function (req, res, next) {
+ noteUtil.findNote(req, res, function (note) {
+ // force to use note id
+ const noteId = req.params.noteId
+ const id = models.Note.encodeNoteId(note.id)
+ if ((note.alias && noteId !== note.alias) || (!note.alias && noteId !== id)) {
+ return res.redirect(config.serverURL + '/' + (note.alias || id))
+ }
+ const body = note.content
+ const extracted = models.Note.extractMeta(body)
+ const meta = models.Note.parseMeta(extracted.meta)
+ let title = models.Note.decodeTitle(note.title)
+ title = models.Note.generateWebTitle(meta.title || title)
+ const opengraph = models.Note.parseOpengraph(meta, title)
+ res.set({
+ 'Cache-Control': 'private', // only cache by client
+ 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
+ })
+ return res.render('codimd.ejs', {
+ title: title,
+ opengraph: opengraph
+ })
+ })
+}
+
+exports.createFromPOST = function (req, res, next) {
+ let body = ''
+ if (req.body && req.body.length > config.documentMaxLength) {
+ return errors.errorTooLong(res)
+ } else if (req.body) {
+ body = req.body
+ }
+ body = body.replace(/[\r]/g, '')
+ return noteUtil.newNote(req, res, body)
+}
+
+exports.doAction = function (req, res, next) {
+ const noteId = req.params.noteId
+ noteUtil.findNote(req, res, function (note) {
+ const action = req.params.action
+ switch (action) {
+ case 'publish':
+ case 'pretty': // pretty deprecated
+ res.redirect(config.serverURL + '/s/' + (note.alias || note.shortid))
+ break
+ case 'slide':
+ res.redirect(config.serverURL + '/p/' + (note.alias || note.shortid))
+ break
+ case 'download':
+ exports.downloadMarkdown(req, res, note)
+ break
+ case 'info':
+ noteActions.getInfo(req, res, note)
+ break
+ case 'pdf':
+ if (config.allowPDFExport) {
+ noteActions.createPDF(req, res, note)
+ } else {
+ logger.error('PDF export failed: Disabled by config. Set "allowPDFExport: true" to enable. Check the documentation for details')
+ errors.errorForbidden(res)
+ }
+ break
+ case 'gist':
+ noteActions.createGist(req, res, note)
+ break
+ case 'revision':
+ noteActions.getRevision(req, res, note)
+ break
+ default:
+ return res.redirect(config.serverURL + '/' + noteId)
+ }
+ })
+}
+
+exports.downloadMarkdown = function (req, res, note) {
+ const body = note.content
+ let filename = models.Note.decodeTitle(note.title)
+ filename = encodeURIComponent(filename)
+ res.set({
+ 'Access-Control-Allow-Origin': '*', // allow CORS as API
+ 'Access-Control-Allow-Headers': 'Range',
+ 'Access-Control-Expose-Headers': 'Cache-Control, Content-Encoding, Content-Range',
+ 'Content-Type': 'text/markdown; charset=UTF-8',
+ 'Cache-Control': 'private',
+ 'Content-disposition': 'attachment; filename=' + filename + '.md',
+ 'X-Robots-Tag': 'noindex, nofollow' // prevent crawling
+ })
+ res.send(body)
+}
diff --git a/lib/web/note/router.js b/lib/web/note/router.js
new file mode 100644
index 00000000..cf6fdf43
--- /dev/null
+++ b/lib/web/note/router.js
@@ -0,0 +1,30 @@
+'use strict'
+
+const Router = require('express').Router
+const { markdownParser } = require('../utils')
+
+const router = module.exports = Router()
+
+const noteController = require('./controller')
+const slide = require('./slide')
+
+// get new note
+router.get('/new', noteController.createFromPOST)
+// post new note with content
+router.post('/new', markdownParser, noteController.createFromPOST)
+// post new note with content and alias
+router.post('/new/:noteId', markdownParser, noteController.createFromPOST)
+// get publish note
+router.get('/s/:shortid', noteController.showPublishNote)
+// publish note actions
+router.get('/s/:shortid/:action', noteController.publishNoteActions)
+// get publish slide
+router.get('/p/:shortid', slide.showPublishSlide)
+// publish slide actions
+router.get('/p/:shortid/:action', slide.publishSlideActions)
+// get note by id
+router.get('/:noteId', noteController.showNote)
+// note actions
+router.get('/:noteId/:action', noteController.doAction)
+// note actions with action id
+router.get('/:noteId/:action/:actionId', noteController.doAction)
diff --git a/lib/web/note/slide.js b/lib/web/note/slide.js
new file mode 100644
index 00000000..d2d2ccfc
--- /dev/null
+++ b/lib/web/note/slide.js
@@ -0,0 +1,45 @@
+const noteUtil = require('./util')
+const models = require('../../models')
+const errors = require('../../errors')
+const logger = require('../../logger')
+const config = require('../../config')
+
+exports.publishSlideActions = function (req, res, next) {
+ noteUtil.findNote(req, res, function (note) {
+ const action = req.params.action
+ if (action === 'edit') {
+ res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)) + '?both')
+ } else { res.redirect(config.serverURL + '/p/' + note.shortid) }
+ })
+}
+
+exports.showPublishSlide = function (req, res, next) {
+ const include = [{
+ model: models.User,
+ as: 'owner'
+ }, {
+ model: models.User,
+ as: 'lastchangeuser'
+ }]
+ noteUtil.findNote(req, res, function (note) {
+ // force to use short id
+ const shortid = req.params.shortid
+ if ((note.alias && shortid !== note.alias) || (!note.alias && shortid !== note.shortid)) {
+ return res.redirect(config.serverURL + '/p/' + (note.alias || note.shortid))
+ }
+ note.increment('viewcount').then(function (note) {
+ if (!note) {
+ return errors.errorNotFound(res)
+ }
+ noteUtil.getPublishData(req, res, note, (data) => {
+ res.set({
+ 'Cache-Control': 'private' // only cache by client
+ })
+ return res.render('slide.ejs', data)
+ })
+ }).catch(function (err) {
+ logger.error(err)
+ return errors.errorInternalError(res)
+ })
+ }, include)
+}
diff --git a/lib/web/note/util.js b/lib/web/note/util.js
new file mode 100644
index 00000000..eadfb1a3
--- /dev/null
+++ b/lib/web/note/util.js
@@ -0,0 +1,109 @@
+const models = require('../../models')
+const logger = require('../../logger')
+const config = require('../../config')
+const errors = require('../../errors')
+const fs = require('fs')
+const path = require('path')
+
+exports.findNote = function (req, res, callback, include) {
+ const id = req.params.noteId || req.params.shortid
+ models.Note.parseNoteId(id, function (err, _id) {
+ if (err) {
+ logger.error(err)
+ return errors.errorInternalError(res)
+ }
+ models.Note.findOne({
+ where: {
+ id: _id
+ },
+ include: include || null
+ }).then(function (note) {
+ if (!note) {
+ return exports.newNote(req, res, null)
+ }
+ if (!exports.checkViewPermission(req, note)) {
+ return errors.errorForbidden(res)
+ } else {
+ return callback(note)
+ }
+ }).catch(function (err) {
+ logger.error(err)
+ return errors.errorInternalError(res)
+ })
+ })
+}
+
+exports.checkViewPermission = function (req, note) {
+ if (note.permission === 'private') {
+ return !(!req.isAuthenticated() || note.ownerId !== req.user.id)
+ } else if (note.permission === 'limited' || note.permission === 'protected') {
+ return req.isAuthenticated()
+ } else {
+ return true
+ }
+}
+
+exports.newNote = function (req, res, body) {
+ let owner = null
+ const noteId = req.params.noteId ? req.params.noteId : null
+ if (req.isAuthenticated()) {
+ owner = req.user.id
+ } else if (!config.allowAnonymous) {
+ return errors.errorForbidden(res)
+ }
+ if (config.allowFreeURL && noteId && !config.forbiddenNoteIDs.includes(noteId)) {
+ req.alias = noteId
+ } else if (noteId) {
+ return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res)
+ }
+ models.Note.create({
+ ownerId: owner,
+ alias: req.alias ? req.alias : null,
+ content: body
+ }).then(function (note) {
+ return res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)))
+ }).catch(function (err) {
+ logger.error(err)
+ return errors.errorInternalError(res)
+ })
+}
+
+exports.getPublishData = function (req, res, note, callback) {
+ const body = note.content
+ const extracted = models.Note.extractMeta(body)
+ const markdown = extracted.markdown
+ const meta = models.Note.parseMeta(extracted.meta)
+ const createtime = note.createdAt
+ const updatetime = note.lastchangeAt
+ let title = models.Note.decodeTitle(note.title)
+ title = models.Note.generateWebTitle(meta.title || title)
+ const ogdata = models.Note.parseOpengraph(meta, title)
+ const data = {
+ title: title,
+ description: meta.description || (markdown ? models.Note.generateDescription(markdown) : null),
+ viewcount: note.viewcount,
+ createtime: createtime,
+ updatetime: updatetime,
+ body: markdown,
+ theme: meta.slideOptions && isRevealTheme(meta.slideOptions.theme),
+ meta: JSON.stringify(extracted.meta),
+ owner: note.owner ? note.owner.id : null,
+ ownerprofile: note.owner ? models.User.getProfile(note.owner) : null,
+ lastchangeuser: note.lastchangeuser ? note.lastchangeuser.id : null,
+ lastchangeuserprofile: note.lastchangeuser ? models.User.getProfile(note.lastchangeuser) : null,
+ robots: meta.robots || false, // default allow robots
+ GA: meta.GA,
+ disqus: meta.disqus,
+ cspNonce: res.locals.nonce,
+ dnt: req.headers.dnt,
+ opengraph: ogdata
+ }
+ callback(data)
+}
+
+function isRevealTheme (theme) {
+ if (fs.existsSync(path.join(__dirname, '..', 'public', 'build', 'reveal.js', 'css', 'theme', theme + '.css'))) {
+ return theme
+ }
+ return undefined
+}
diff --git a/lib/web/noteRouter.js b/lib/web/noteRouter.js
deleted file mode 100644
index 58e93019..00000000
--- a/lib/web/noteRouter.js
+++ /dev/null
@@ -1,30 +0,0 @@
-'use strict'
-
-const Router = require('express').Router
-
-const response = require('../response')
-
-const { markdownParser } = require('./utils')
-
-const noteRouter = module.exports = Router()
-
-// get new note
-noteRouter.get('/new', response.postNote)
-// post new note with content
-noteRouter.post('/new', markdownParser, response.postNote)
-// post new note with content and alias
-noteRouter.post('/new/:noteId', markdownParser, response.postNote)
-// get publish note
-noteRouter.get('/s/:shortid', response.showPublishNote)
-// publish note actions
-noteRouter.get('/s/:shortid/:action', response.publishNoteActions)
-// get publish slide
-noteRouter.get('/p/:shortid', response.showPublishSlide)
-// publish slide actions
-noteRouter.get('/p/:shortid/:action', response.publishSlideActions)
-// get note by id
-noteRouter.get('/:noteId', response.showNote)
-// note actions
-noteRouter.get('/:noteId/:action', response.noteActions)
-// note actions with action id
-noteRouter.get('/:noteId/:action/:actionId', response.noteActions)
diff --git a/lib/web/statusRouter.js b/lib/web/statusRouter.js
index 1d9a1157..025aafd4 100644
--- a/lib/web/statusRouter.js
+++ b/lib/web/statusRouter.js
@@ -2,7 +2,7 @@
const Router = require('express').Router
-const response = require('../response')
+const errors = require('../errors')
const realtime = require('../realtime')
const config = require('../config')
const models = require('../models')
@@ -27,11 +27,11 @@ statusRouter.get('/status', function (req, res, next) {
statusRouter.get('/temp', function (req, res) {
var host = req.get('host')
if (config.allowOrigin.indexOf(host) === -1) {
- response.errorForbidden(res)
+ errors.errorForbidden(res)
} else {
var tempid = req.query.tempid
if (!tempid) {
- response.errorForbidden(res)
+ errors.errorForbidden(res)
} else {
models.Temp.findOne({
where: {
@@ -39,7 +39,7 @@ statusRouter.get('/temp', function (req, res) {
}
}).then(function (temp) {
if (!temp) {
- response.errorNotFound(res)
+ errors.errorNotFound(res)
} else {
res.header('Access-Control-Allow-Origin', '*')
res.send({
@@ -53,7 +53,7 @@ statusRouter.get('/temp', function (req, res) {
}
}).catch(function (err) {
logger.error(err)
- return response.errorInternalError(res)
+ return errors.errorInternalError(res)
})
}
}
@@ -62,11 +62,11 @@ statusRouter.get('/temp', function (req, res) {
statusRouter.post('/temp', urlencodedParser, function (req, res) {
var host = req.get('host')
if (config.allowOrigin.indexOf(host) === -1) {
- response.errorForbidden(res)
+ errors.errorForbidden(res)
} else {
var data = req.body.data
if (!data) {
- response.errorForbidden(res)
+ errors.errorForbidden(res)
} else {
logger.debug(`SERVER received temp from [${host}]: ${req.body.data}`)
models.Temp.create({
@@ -79,11 +79,11 @@ statusRouter.post('/temp', urlencodedParser, function (req, res) {
id: temp.id
})
} else {
- response.errorInternalError(res)
+ errors.errorInternalError(res)
}
}).catch(function (err) {
logger.error(err)
- return response.errorInternalError(res)
+ return errors.errorInternalError(res)
})
}
}
diff --git a/lib/web/userRouter.js b/lib/web/userRouter.js
index 73b519ec..f1f999f1 100644
--- a/lib/web/userRouter.js
+++ b/lib/web/userRouter.js
@@ -4,7 +4,7 @@ const archiver = require('archiver')
const async = require('async')
const Router = require('express').Router
-const response = require('../response')
+const errors = require('../errors')
const config = require('../config')
const models = require('../models')
const logger = require('../logger')
@@ -20,7 +20,7 @@ UserRouter.get('/me', function (req, res) {
id: req.user.id
}
}).then(function (user) {
- if (!user) { return response.errorNotFound(res) }
+ if (!user) { return errors.errorNotFound(res) }
var profile = models.User.getProfile(user)
res.send({
status: 'ok',
@@ -30,7 +30,7 @@ UserRouter.get('/me', function (req, res) {
})
}).catch(function (err) {
logger.error('read me failed: ' + err)
- return response.errorInternalError(res)
+ return errors.errorInternalError(res)
})
} else {
res.send({
@@ -48,21 +48,21 @@ UserRouter.get('/me/delete/:token?', function (req, res) {
}
}).then(function (user) {
if (!user) {
- return response.errorNotFound(res)
+ return errors.errorNotFound(res)
}
if (user.deleteToken === req.params.token) {
user.destroy().then(function () {
res.redirect(config.serverURL + '/')
})
} else {
- return response.errorForbidden(res)
+ return errors.errorForbidden(res)
}
}).catch(function (err) {
logger.error('delete user failed: ' + err)
- return response.errorInternalError(res)
+ return errors.errorInternalError(res)
})
} else {
- return response.errorForbidden(res)
+ return errors.errorForbidden(res)
}
})
@@ -78,7 +78,7 @@ UserRouter.get('/me/export', function (req, res) {
archive.pipe(res)
archive.on('error', function (err) {
logger.error('export user data failed: ' + err)
- return response.errorInternalError(res)
+ return errors.errorInternalError(res)
})
models.User.findOne({
where: {
@@ -107,7 +107,7 @@ UserRouter.get('/me/export', function (req, res) {
callback(null, null)
}, function (err) {
if (err) {
- return response.errorInternalError(res)
+ return errors.errorInternalError(res)
}
archive.finalize()
@@ -115,10 +115,10 @@ UserRouter.get('/me/export', function (req, res) {
})
}).catch(function (err) {
logger.error('export user data failed: ' + err)
- return response.errorInternalError(res)
+ return errors.errorInternalError(res)
})
} else {
- return response.errorForbidden(res)
+ return errors.errorForbidden(res)
}
})